We investigate a class of nominal algebraic Henkin-style models for the simply typed
λ-calculus in which variables map to names in the denotation and λ-abstraction maps to a
(non-functional) name-abstraction operation. The resulting denotations are smaller and
better-behaved, in ways we make precise, than functional valuation-based models.

Using these new models, we then develop a generalisation of λ-term syntax enriching
them with existential meta-variables, thus yielding a theory of incomplete functions. This
incompleteness is orthogonal to the usual notion of incompleteness given by function
abstraction and application, and corresponds to holes and incomplete objects.

1 Introduction 

In this paper we develop a Henkin-style semantics for the simply-typed λ-calculus in nominal
sets. The simply-typed λ-calculus (STLC) has notions of typed variable, substitution, and
function abstraction. Correspondingly, our models in nominal sets will enrich 'ordinary' sets
with typed names, a substitution action, and name-abstraction. Thus, concepts that are normally
characteristic of syntax — like variable, substitution, and variable-binding — are explicitly
represented as nominal algebraic structure [ ].

The resulting models have different properties from traditional valuation-style ('closed') 
semantics. Intuitively this is because leaving names in the denotation gives the models more 
structure — we have more information about 'where an element came from'.

For instance, Proposition 3.6 (the (ξ) rule) and Theorem 3.15 (well-pointedness) are properties
that hold of the nominal models of this paper, and fail for 'classical' treatments (see
Examples 3.7 and 3.16). This is because the direct inclusion of names into the denotation forces
there to be 'enough' elements of the model, and naturality requirements of the models require
these elements to be 'sufficiently distinguishable'. These conditions cannot be expressed without
names in the denotation.

Furthermore, we find that we can extend this to a syntax and semantics for existential
variables. That is, we will extend STLC syntax with 'holes'. The technique used is essentially
the same as the nominal terms of [ ] (a permissive variant thereof, following [ , ]) but taking
semantics in nominal models of STLC instead of in datatypes of abstract syntax with binding.

Because λ-abstraction maps to atoms-abstraction, the denotation of functions does not
involve function spaces. Because variables map to themselves, valuations are not used either;
their role is taken by the substitution for names. Thus we obtain a simple 'first-order flavoured'
completeness proof (Theorem 3.11).

In summary, nominal Henkin models differ from 'ordinary' Henkin models by including
variables and substitution in the underlying domain of the denotation as nominal algebraic
structure. This yields a new class of models which seems to not display certain pathologies of
the 'ordinary' models, and which can be leveraged to design novel calculi with applications
e.g. to existential variables.

Figure 1: Typing rules for the simply-typed λ-calculus (STLC)



2 Background 

Background on simply-typed λ-calculus

Definition 2.1. Fix a countably infinite set of atoms $\mathbb{A}$.

We use a permutative convention that $a, b, c, \ldots$ range over distinct atoms (so for instance in
Definition 2.3 the $a_i$ are silently assumed distinct, in Definition 2.8 $a$ and $b$ are taken distinct,
and so on).

Definition 2.2. 1. Fix a nonempty set of base types $\tau \in BaseTypes$. Define (simple) types by
$\phi ::= \tau \mid \phi \to \phi$. Let $\phi, \chi, \psi$ range over types.
2. Fix a set of constants $C \in Constants$, to each of which is associated a type $type(C)$.

Define terms by: $r ::= a \mid C \mid \lambda a{:}\phi.r \mid rr$. Let $r, s, t$ range over terms. $\lambda a$ binds $a$ in
$\lambda a{:}\phi.s$ and we take terms up to α-equivalence as usual.
Define free atoms $fa(r)$ by $fa(a) = \{a\}$, $fa(C) = \varnothing$, $fa(rs) = fa(r) \cup fa(s)$, and
$fa(\lambda a{:}\phi.r) = fa(r) \setminus \{a\}$.

Definition 2.3. Give terms a capture-avoiding substitution action $r[a_i{:=}s_i]_1^n$ (side-conditions
can be guaranteed by α-renaming):

$a_j[a_i{:=}s_i]_1^n = s_j$
$b[a_i{:=}s_i]_1^n = b$
$C[a_i{:=}s_i]_1^n = C$
$(\lambda c{:}\chi.r)[a_i{:=}s_i]_1^n = \lambda c{:}\chi.(r[a_i{:=}s_i]_1^n)$   $(c \notin \bigcup_i fa(s_i))$
$(rs)[a_i{:=}s_i]_1^n = (r[a_i{:=}s_i]_1^n)(s[a_i{:=}s_i]_1^n)$

Definition 2.4. Let $=_\beta$ be the least equivalence on terms (up to α-equivalence) such that:

r=pr' s=ps' s =ii s' (o\ 

Definition 2.5. A type environment $\Gamma$ is a set of atomic typings $a : \phi$ which is functional in the
sense that if $a : \phi$ and $a : \phi'$ then $\phi = \phi'$.

Derivable typing judgements $\Gamma \vdash r : \phi$ are defined using the (standard) rules in Figure 1.

Define the domain of $\Gamma$ by $dom(\Gamma) = \{a \mid \exists\phi.(a{:}\phi \in \Gamma)\}$. Write $\Gamma, a{:}\phi$ for the type environment
obtained by adding $a{:}\phi$ to $\Gamma$; if we write this, we impose a condition that $a \notin dom(\Gamma)$.

Definition 2.6. A typing judgement is a tuple $\Gamma \vdash r : \phi$. The derivable typing judgements are
defined in Figure 1.
Background on nominal sets

Definition 2.7. The cumulative hierarchy of ZFA sets $\mathcal{W}$ is the least fixed point of
$\mathcal{W} = \mathbb{A} \cup powerset(\mathcal{W})$. This can be constructed by starting from atoms and transfinitely
adding all subsets (a construction going back to Von Neumann [32]).

Definition 2.8. Given $a, b \in \mathbb{A}$ write $(a\ b)$ for the swapping bijection on atoms mapping $a$ to $b$, $b$
to $a$, and any other $c \in \mathbb{A} \setminus \{a, b\}$ to $c$.

If $\pi$ is a bijection on atoms define $nontriv(\pi) = \{a \mid \pi(a) \neq a\}$.

Write $P$ for the group of bijections (finitely) generated by swappings, and call these
bijections permutations.

Write $\pi \circ \pi'$ for the composition of $\pi$ and $\pi'$ (so $(\pi \circ \pi')(a) = \pi(\pi'(a))$). Write $id$ for the
identity permutation (so $id(a) = a$ always).

Lemma 2.9. A bijection $\pi$ on atoms is a permutation if and only if $nontriv(\pi) = \{a \mid \pi(a) \neq a\}$ is finite.

Definition 2.10. Give a permutation action $\pi \cdot x$ inductively defined by $\pi \cdot a = \pi(a)$ for $a \in \mathbb{A}$,
and $\pi \cdot X = \{\pi \cdot x \mid x \in X\}$ for $X \in \mathcal{W} \setminus \mathbb{A}$.

If $A \subseteq \mathbb{A}$ write $fix(A) = \{\pi \in P \mid \forall a \in A.\pi(a) = a\}$.

Say that $A \subseteq \mathbb{A}$ supports $x \in \mathcal{W}$ when $\forall \pi \in fix(A).\pi \cdot x = x$.

Definition 2.11. Call an element $x \in \mathcal{W}$ finitely-supported when it has a unique least finite
supporting set $supp(x)$. Write $a \# x$ for $a \notin supp(x)$ and read this as '$a$ is fresh for $x$'.

Lemma 2.12 ([24, 14]). If $x \in \mathcal{W}$ has a finite supporting set $A$, then $supp(x)$ exists.

Our reasoning can be formalised in first-order logic, enriched with the axioms of
Zermelo-Fraenkel set theory with atoms (ZFA). This is just a formal way of stating that we have assumed
atoms and sets and we reason about them mathematically, but stating it in terms of formal logic
lets us express an important observation, that our reasoning is symmetric under permutation:

Theorem 2.13. If $x$ denotes a list $x_1, \ldots, x_n$, write $\pi \cdot x$ for $\pi \cdot x_1, \ldots, \pi \cdot x_n$. Suppose $\Phi(x)$ is a ZFA
predicate on variables included in $x$. Then we have equivariance [ , Section 4]: $\Phi(x) \Leftrightarrow \Phi(\pi \cdot x)$.

We will appeal to equivariance repeatedly to quickly yet rigorously rename atoms, usually
while retaining an inductive hypothesis. See for instance Lemma 3.5.

Definition 2.14. Say that $X \in \mathcal{W} \setminus \mathbb{A}$ has the trivial action when $supp(x) = \varnothing$ for every $x \in X$
(equivalently: when $\pi \cdot x = x$ for every $x \in X$ and permutation $\pi$).

Definition 2.15. If $X, Y \in \mathcal{W} \setminus \mathbb{A}$ then a function(-set) from $X$ to $Y$ is a subset $f$ of $X \times Y$ such that
$\forall x \in X.\exists y \in Y.(x, y) \in f$ and $\forall x, y, y'.((x, y) \in f \land (x, y') \in f) \Rightarrow y = y'$. Write $X \to Y$ for the set of all
functions from $X$ to $Y$. Write $X \Rightarrow Y$ for the set of all functions from $X$ to $Y$ with finite support.

Remark 2.16. The permutation action from Definition 2.10 gives $f \in X \to Y$ the conjugation
permutation action specified by $\pi \cdot (f(x)) = (\pi \cdot f)(\pi \cdot x)$.

Lemma 2.17. If $X$ and $Y$ in $\mathcal{W} \setminus \mathbb{A}$ have the trivial permutation action (Definition 2.14), then so does
$X \to Y$, and $X \to Y = X \Rightarrow Y$. (If underlying sets have empty support then so do functions between them.)



$x$ must contain all the variables mentioned in the predicate. It is not the case that $a = a$ if and only if
$a = b$ — but it is the case that $a = b$ if and only if $b = a$.

This technique was used in pencil-and-paper mathematics instead of long inductive proofs, e.g. in [ ].
3 Nominal models for simple type theory

3.1 Nominal λ-model

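Notation 3.1. Write $\pi \cdot \Gamma = \{\pi(a){:}\phi \mid a{:}\phi \in \Gamma\}$.

Definition 3.2. A model $\mathcal{I}$ consists of an assignment for each type environment $\Gamma$ and type $\phi$ of
a finitely-supported set $[\![\phi]\!]^{\mathcal{I}}_\Gamma$ together with the following data:

1. For every $a{:}\phi \in \Gamma$ an element $a^{\mathcal{I}} \in [\![\phi]\!]^{\mathcal{I}}_\Gamma$.

2. For every constant $C$ an element $C^{\mathcal{I}} \in [\![type(C)]\!]^{\mathcal{I}}_\Gamma$.

3. If $x \in [\![\psi]\!]^{\mathcal{I}}_{\Gamma,a:\phi}$, an element $[a{:}\phi]x \in [\![\phi \to \psi]\!]^{\mathcal{I}}_\Gamma$.

4. For $x \in [\![\phi \to \psi]\!]^{\mathcal{I}}_\Gamma$ and $y \in [\![\phi]\!]^{\mathcal{I}}_\Gamma$, an element $x \bullet y \in [\![\psi]\!]^{\mathcal{I}}_\Gamma$.

6. If $x \in [\![\phi]\!]^{\mathcal{I}}_\Gamma$ then $supp(x) \subseteq dom(\Gamma)$.
$\mathcal{I}$ must be equivariant in the sense that:

$\pi \cdot [\![\phi]\!]^{\mathcal{I}}_\Gamma = \{\pi \cdot x \mid x \in [\![\phi]\!]^{\mathcal{I}}_\Gamma\} = [\![\phi]\!]^{\mathcal{I}}_{\pi \cdot \Gamma}$    $\pi \cdot a^{\mathcal{I}} = \pi(a)^{\mathcal{I}}$    $\pi \cdot C^{\mathcal{I}} = C^{\mathcal{I}}$

$\pi \cdot [a{:}\phi]x = [\pi(a){:}\phi]\pi \cdot x$    $\pi \cdot (x \bullet y) = (\pi \cdot x) \bullet (\pi \cdot y)$

We write $x[a \mapsto y]$ as sugar for $([a{:}\phi]x) \bullet y$. In addition, $\mathcal{I}$ must be a nominal algebra for
substitution by satisfying rules (Suba), (Sub#), (SubApp), and (Subλ); we fill in types as appropriate
(we discuss (SubId) below):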



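(Suba) $a^{\mathcal{I}}[a \mapsto x] = x$

(Sub#) $a \# z \Rightarrow z[a \mapsto x] = z$

(SubApp) $(z' \bullet z)[a \mapsto x] = (z'[a \mapsto x]) \bullet (z[a \mapsto x])$

(Subλ) $c \# x \Rightarrow ([c{:}\chi]z)[a \mapsto x] = [c{:}\chi](z[a \mapsto x])$

(SubId) $z[a \mapsto a^{\mathcal{I}}] = z$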



For the rest of this subsection fix a model $\mathcal{I}$.

Let us break down the design of Definition 3.2. Obviously names inhabit the denotation in
a very direct and literal sense that $a^{\mathcal{I}} \in [\![\phi]\!]^{\mathcal{I}}_\Gamma$. The reader can think of $a : \phi$ as a constant which
must be interpreted 'as itself' by $a^{\mathcal{I}}$.

But $a^{\mathcal{I}}$ also behaves like a variable: It can be renamed by $\pi \cdot x$, and bound by $[a{:}\phi]x$, and it
can also be substituted for. The rules (Suba) to (Subλ) do the job that valuations do in 'normal'
models; they replace a name by an(other) element of the model. The significant difference
is that in standard models we pick a valuation and then form a denotation; in nominal models
we form a denotation and then — if we wish — substitute for the free variables.

The axioms (Suba) to (SubId) can be made formal in nominal algebra [ ]. These particular
axioms are taken from [ ]. Instead of (Sub#) we could take a weaker axiom $b^{\mathcal{I}}[a \mapsto x] = b^{\mathcal{I}}$.
Conversely, we could safely add (SubId) and thus exclude certain arguably pathological models.
The language of Definition 2.2 is not expressive enough to detect these choices, but the
language of Definition 4.3 is (see Example 5.10).

(Suba) to (SubId) soundly and completely characterise the syntactic model of substitution. In this paper we are
also interested in non-syntactic models, so weaker axioms — and thus more models — are reasonable. We chose the
axioms above because they are closed, in the sense of [ , ], which gives better computational properties (if we ever
design an abstract machine using this semantics).
Aside from the inclusion of names, our notion of model resembles Henkin models, which
have an applicative structure in which abstractions have a well-defined interpretation [ ].

Just as is the case for Henkin models, Definition 3.2 specifies what a model must look like
but does not build one. We do build a concrete model out of syntax as part of the completeness
proof in Subsection 3.3.

The equivariance conditions are standard for nominal techniques; our models must be
symmetric up to permuting atoms.

Finally, conditions 1 to 6 specify the structure of a model that makes it into a model of the
λ-calculus, by interpreting names (as themselves), constants, λ-abstraction (as a function of the
name $a$ and the element $x$) and a Henkin-models style application.

Definition 3.3. Suppose $\Gamma \vdash r : \phi$. Define an interpretation $[\![r]\!]^{\mathcal{I}}_\Gamma \in [\![\phi]\!]^{\mathcal{I}}_\Gamma$ inductively by:



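We now come to our first soundness theorem; if a term is typable then its denotation inhabits
the denotation of its type:

Theorem 3.4 (First soundness theorem). If $\Gamma \vdash r : \phi$ then $[\![r]\!]^{\mathcal{I}}_\Gamma \in [\![\phi]\!]^{\mathcal{I}}_\Gamma$.

As a corollary using condition 5 of Definition 3.2, if $\Gamma \vdash r : \phi$ then $supp([\![r]\!]^{\mathcal{I}}_\Gamma) \subseteq fa(r)$.

Proof. By a straightforward induction on the derivation of $\Gamma \vdash r : \phi$:

• By the definition of model (Definition 3.2), if $a : \phi \in \Gamma$ then $[\![a]\!]^{\mathcal{I}}_\Gamma = a^{\mathcal{I}} \in [\![\phi]\!]^{\mathcal{I}}_\Gamma$ and
$[\![C]\!]^{\mathcal{I}}_\Gamma = C^{\mathcal{I}} \in [\![type(C)]\!]^{\mathcal{I}}_\Gamma$.

• Suppose $\Gamma, a{:}\phi \vdash r : \psi$ so that by (L) $\Gamma \vdash \lambda a{:}\phi.r : \phi \to \psi$ and by inductive hypothesis
$[\![r]\!]^{\mathcal{I}}_{\Gamma,a:\phi} \in [\![\psi]\!]^{\mathcal{I}}_{\Gamma,a:\phi}$. By assumption $[\![\lambda a{:}\phi.r]\!]^{\mathcal{I}}_\Gamma \in [\![\phi \to \psi]\!]^{\mathcal{I}}_\Gamma$.

• If $[\![r]\!]^{\mathcal{I}}_\Gamma \in [\![\phi \to \psi]\!]^{\mathcal{I}}_\Gamma$ and $[\![s]\!]^{\mathcal{I}}_\Gamma \in [\![\phi]\!]^{\mathcal{I}}_\Gamma$ then $[\![r]\!]^{\mathcal{I}}_\Gamma \bullet [\![s]\!]^{\mathcal{I}}_\Gamma \in [\![\psi]\!]^{\mathcal{I}}_\Gamma$. □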

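3.2 Soundness for β-conversion

Lemma 3.5. Suppose $\Gamma, a{:}\phi \vdash r : \psi$ and $\Gamma \vdash s : \phi$ where $a \notin dom(\Gamma)$.
Then $[\![r[a{:=}s]]\!]^{\mathcal{I}}_\Gamma = [\![r]\!]^{\mathcal{I}}_{\Gamma,a:\phi}[a \mapsto [\![s]\!]^{\mathcal{I}}_\Gamma]$.

Proof. By a routine induction on the derivation of $\Gamma, a{:}\phi \vdash r : \psi$:

• The case of (V) for $a$. By (Suba) $a^{\mathcal{I}}[a \mapsto [\![s]\!]^{\mathcal{I}}_\Gamma] = [\![s]\!]^{\mathcal{I}}_\Gamma$. Also $a[a{:=}s] = s$.

• The case of (V) for $c{:}\chi \in \Gamma$. By (Sub#) $c^{\mathcal{I}}[a \mapsto [\![s]\!]^{\mathcal{I}}_\Gamma] = c^{\mathcal{I}}$. Also $c[a{:=}s] = c$.

• The case of (L) for $\lambda c{:}\chi.r$. By equivariance (Theorem 2.13) suppose $c \notin dom(\Gamma) \cup supp([\![s]\!]^{\mathcal{I}}_\Gamma)$.
The result follows using (Subλ).

• The case of (A) uses (SubApp). □

Proposition 3.6 (The ξ rule). Suppose $\Gamma, a{:}\phi \vdash r : \psi$ and $\Gamma, a{:}\phi \vdash s : \psi$.
If $[\![r]\!]^{\mathcal{I}}_{\Gamma,a:\phi} = [\![s]\!]^{\mathcal{I}}_{\Gamma,a:\phi}$ then $[\![\lambda a{:}\phi.r]\!]^{\mathcal{I}}_\Gamma = [\![\lambda a{:}\phi.s]\!]^{\mathcal{I}}_\Gamma$.

Proof. Immediate since by Definition 3.3 $[\![\lambda a{:}\phi.r]\!]^{\mathcal{I}}_\Gamma = [a{:}\phi][\![r]\!]^{\mathcal{I}}_{\Gamma,a:\phi}$ and similarly for $s$. □

So $[a{:}\phi]x$ need not be precisely equal to the Gabbay-Pitts atoms-abstraction $[a]x$ from [ ].
In fact by Theorem 3.4 $c \notin supp([\![s]\!]^{\mathcal{I}}_\Gamma)$ follows from $c \notin dom(\Gamma)$. But that does not matter; we can just rename $c$
'fresh', without having to engage in detailed calculations about how fresh it is.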
Example 3.7. Proposition 3.6 does not hold in a valuation semantics of 'ordinary' models. For
instance, consider a (valuation-based) semantics with one base type $\tau$ with denotation $\{0, 1\}$
(a two-element set). Consider $x$ and $y$ and a valuation $\rho$ mapping $x$ and $y$ both to 0. Then
$[\![x]\!]_\rho = 0 = [\![y]\!]_\rho$ but $[\![\lambda x{:}\tau.x]\!]_\rho \neq [\![\lambda x{:}\tau.y]\!]_\rho$.

Corollary 3.8 (Second soundness theorem). If $r =_\beta s$ (Defn. 2.4) and $\Gamma \vdash r : \phi$ then $[\![r]\!]^{\mathcal{I}}_\Gamma = [\![s]\!]^{\mathcal{I}}_\Gamma$.
Proof. By some routine sets calculations, using Lemma 3.5 and Proposition 3.6. □

3.3 Completeness 

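Definition 3.9. Write $\mathcal{I}; \Gamma \models r = s$ when there exists $\phi$ (which is unique if it exists) such that $\Gamma \vdash r{:}\phi$
and $\Gamma \vdash s{:}\phi$, and $[\![r]\!]^{\mathcal{I}}_\Gamma = [\![s]\!]^{\mathcal{I}}_\Gamma$ and $[\![r]\!]^{\mathcal{I}}_\Gamma \in [\![\phi]\!]^{\mathcal{I}}_\Gamma$. We call the (typed) equality $\Gamma \vdash r = s$ valid in $\mathcal{I}$.
We need one technical fact about nominal sets, for Theorem 3.11:

Lemma 3.10. Suppose $\Gamma \vdash r : \phi$. If $a \notin supp((r)_\beta)$ then there exists $s$ such that $T; \Gamma \vdash r = s$ and $a \notin fa(s)$.
Proof. Using [15, Lemma 7.6.2]. □
Theorem 3.11. $\Gamma \models r = s$ implies $r =_\beta s$.

Proof. We take as our model $\mathcal{I}$ where $[\![r]\!]^{\mathcal{I}}_\Gamma = (r)_\beta$, and $[\![\phi]\!]^{\mathcal{I}}_\Gamma = \{(r)_\beta \mid \Gamma \vdash r : \phi\}$, and:

• If $a : \phi \in \Gamma$ then we take $a^{\mathcal{I}} = (a)_\beta \in [\![\phi]\!]^{\mathcal{I}}_\Gamma$.

• If $(r)_\beta \in [\![\psi]\!]^{\mathcal{I}}_{\Gamma,a:\phi}$ then we take $[a{:}\phi](r)_\beta = (\lambda a{:}\phi.r)_\beta$.

• Similarly, we take $(r)_\beta \bullet (s)_\beta = (rs)_\beta$.

It is a fact that $r =_\beta r'$ and $s =_\beta s'$ imply $\lambda a{:}\phi.r =_\beta \lambda a{:}\phi.r'$ and $rs =_\beta r's'$, and it follows that the
definition above is well-defined.

We must also check validity of rules (Suba) to (Subλ). We consider two cases:

• The case of (Suba). It is a fact that $(\lambda a{:}\phi.a)s =_\beta s$.

• The case of (Sub#). Suppose $a \# (t)_\beta$. By Lemma 3.10 there exists $t' =_\beta t$ such that $a \notin fa(t')$.
So $t'[a{:=}r] = t'$ and thus $T; \Gamma \vdash t'[a{:=}r] = t'$. It follows that $(t[a{:=}r])_\beta = (t)_\beta$.

Furthermore, by construction if $(r)_\beta = (s)_\beta$ then $r =_\beta s$. □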

The proof of Theorem 3.11 resembles the proof of completeness for Henkin models, with 
moderate changes to handle the 'nominal' models. Our models are not necessarily extensional 
(that is, we do not insist that $r = \lambda a.(ra)$ for $a$ not free in $r$) whereas Henkin semantics usually
are [26]; nevertheless it is reasonable to think of this as 'Henkin semantics with names'. A 
survey of complete non-extensional semantics for STLC is in [2]. 

Theorem 3.11 is simpler than it could be; we could generalise it to completeness for arbitrary 
theories (i.e. we allow a set of equality axioms and prove completeness for the class of models 
that validate those axioms). We expect this generalisation to be an easy replay of the existing 
proof. We do not do this because the simpler case already illustrates the main points, and has 
useful features which we can now explore. 
3.4 Well-pointedness

In Proposition 3.6 and Example 3.7 we saw that our nominal Henkin models have a desirable
property that 'ordinary' models do not. We now come to another; to state it we need a
definition:

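Definition 3.12. A homomorphism $F$ from $\mathcal{I}$ to $\mathcal{J}$ is a collection of functions mapping $[\![\phi]\!]^{\mathcal{I}}_\Gamma$
to $[\![\phi]\!]^{\mathcal{J}}_\Gamma$ which are:

• Equivariant in the sense that $\pi \cdot (F_\Gamma(x)) = F_{\pi \cdot \Gamma}(\pi \cdot x)$ (Notation 3.1).

• Natural in the sense that $F$ commutes with atoms, constants, abstraction, and $\bullet$. So for
example, $F_\Gamma(a^{\mathcal{I}}) = a^{\mathcal{J}}$ and $F_\Gamma([a{:}\psi]x) = [a{:}\psi]F_{\Gamma,a:\psi}(x)$.

The notion of validity from Definition 3.9 is local in that it checks validity at one model.
There is also a global notion, which checks validity at the model and all 'larger' ones:

Definition 3.13. Suppose $\Gamma \vdash r{:}\phi$ and $\Gamma \vdash s{:}\phi$. Say that $\mathcal{I}; \Gamma \models_{glo} r = s$ when $\mathcal{J}; \Gamma \models r = s$ in the sense
of Definition 3.9 for every $\mathcal{J}$ such that there exists a homomorphism $F : \mathcal{I} \to \mathcal{J}$.

Lemma 3.14. Suppose $\Gamma \vdash r : \phi$ and $F : \mathcal{I} \to \mathcal{J}$ is a homomorphism. Then $F_\Gamma([\![r]\!]^{\mathcal{I}}_\Gamma) = [\![r]\!]^{\mathcal{J}}_\Gamma$.

Proof. By a routine induction on the derivation of $\Gamma \vdash r : \phi$, using naturality. □

Theorem 3.15 (Well-pointedness). Suppose $\Gamma \vdash r : \phi$ and $\Gamma \vdash s : \phi$. Then $\mathcal{I}; \Gamma \models r = s$ if and only if
$\mathcal{I}; \Gamma \models_{glo} r = s$.

Proof. By considering the identity homomorphism from $\mathcal{I}$ to itself, mapping $x \in [\![\phi]\!]^{\mathcal{I}}_\Gamma$ to itself, it
is clear that $\mathcal{I}; \Gamma \models_{glo} r = s$ implies $\mathcal{I}; \Gamma \models r = s$.

Conversely, suppose $\mathcal{I}; \Gamma \models r = s$ and suppose $F$ is a homomorphism from $\mathcal{I}$ to $\mathcal{J}$. By assumption
$[\![r]\!]^{\mathcal{I}}_\Gamma = [\![s]\!]^{\mathcal{I}}_\Gamma$. It follows by Lemma 3.14 that $[\![r]\!]^{\mathcal{J}}_\Gamma = F_\Gamma([\![r]\!]^{\mathcal{I}}_\Gamma) = F_\Gamma([\![s]\!]^{\mathcal{I}}_\Gamma) = [\![s]\!]^{\mathcal{J}}_\Gamma$. □

Example 3.16. Theorem 3.15 fails for traditional models. For instance, consider a functional
model in which all terms are equal because every type has just one element. So $\Gamma \vdash r = s$ is
locally true, but not globally true.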

Nominal Henkin semantics exclude this, because they have elements to interpret variables. 
It is impossible to compress them all down to one element, as we did in the previous paragraph 
for 'ordinary' models. 

4 Existential variables 

Nominal terms introduced to nominal techniques the idea of two levels of variable; atoms (as
above) and unknowns $X$, which are existential variables and in [ ] were used in a unification
algorithm. The first author proposed combining nominal unknowns with non-trivial logical
theories, e.g. with first-order logic [19, 21]. Since in this paper we have a nominal semantics for
the STLC, it is natural to extend Definition 2.2 with nominal unknowns and so to add existential
variables.

The motivation for doing this is that STLC underlies many interesting logics and programming
languages, so that our semantics and syntax with existential variables have potential —
not exploited in this paper but motivating the constructions — to provide syntax and semantics
for 'incomplete terms'. In common with all other such treatments, a difficulty is the delicacy of
maintaining well-typedness under instantiation (which for nominal terms may be capturing;
see Remark 4.16). Our solution has elements of previous work, but it retains a distinct identity
and remains typically 'nominal'.

We will use permissive nominal terms [ ], which improve on the theory of α-equivalence
of nominal terms by allowing us to 'just quotient' syntax (nominal terms require a freshness
context and freshness context update, which are harder to manage in the presence of non-trivial
equalities/reductions on terms).

4.1 Syntax 

Definition 4.1. Fix a partition of the set of atoms from Definition 2.1 into two disjoint countably
infinite sets $\mathbb{A}^<$ and $\mathbb{A}^>$, so that $\mathbb{A} = \mathbb{A}^< \uplus \mathbb{A}^>$.

Splitting $\mathbb{A}$ in two is key to the syntax, but not to the semantics: the notion of model in
Definition 5.3 is identical to Definition 3.2 and is based on finitely-supported nominal sets as
usual. Only the syntax uses the more powerful notions of $\mathbb{A}^<$ and $\mathbb{A}^>$ (and it is more powerful;
see e.g. Example 5.10). This echoes the formal distinction between 'names that exist to be
bound' and 'names that exist to be free' used in some treatments of logic [15, 39], though this
distinction is not so rigid here; e.g. a 'standalone atom' $a$ can appear either from $\mathbb{A}^<$ or $\mathbb{A}^>$ and
via a permutation or substitution 'migrate' between them.

Definition 4.2. Fix a countably infinite set of unknowns. $X, Y, Z$ will range over distinct
unknowns.

Definition 4.3. Types are as in Definition 2.2. Terms are defined by:

$r ::= a \mid C \mid X[b_i{:=}s_i]_1^n \mid \lambda c{:}\phi.s \mid rs$    $(\{b_i \mid 1 \le i \le n\} \subseteq \mathbb{A}^<,\ c \in \mathbb{A}^>)$

$[b_i{:=}s_i]$ is a (level 1) substitution, which is a finite partial function from atoms to terms,
mapping $b_i$ to $s_i$ and undefined elsewhere (so finite substitutions are directly in this syntax, just like
finite permutations on unknowns $\pi \cdot X$ are directly part of nominal terms). We call $X[b_i{:=}s_i]_1^n$ a
moderated unknown.

The condition $c \in \mathbb{A}^>$ may seem odd — so $\lambda a{:}\phi.a$ is not well-formed syntax if $a \in \mathbb{A}^<$ — but
since $a$ is supposed to be bound we can intuitively always α-convert it to be in $\mathbb{A}^>$. This is a
useful 'hygiene' simplification, since just by looking at an atom $a$ we can tell if it could be bound
($a \in \mathbb{A}^>$) or captured by an instantiation ($a \in \mathbb{A}^<$). We can always move between one world and
the other using a moderating substitution, as in $\lambda a{:}\phi.X[b{:=}a]$ where $a \in \mathbb{A}^>$ and $b \in \mathbb{A}^<$.

Example 4.4. • An incomplete term. The typing $a, b{:}\phi, X{:}\phi \vdash \lambda a{:}\phi.X[b{:=}a] : \phi \to \phi$ where $a \in \mathbb{A}^>$
and $b \in \mathbb{A}^<$ represents an incomplete typing '$\lambda x{:}\phi.t$ where $t$ has type $\phi$'. This is a term
for a function on one argument.

Looking forward to the level 1 and 2 substitutions in Definitions 4.10 and 5.1, we will be
able to complete $\lambda a{:}\phi.X$ to a complete term, by applying the substitution $[X := b]$. We
get the identity $\lambda a{:}\phi.a$. Without unknowns, both the incomplete and the complete terms
would be represented by $\lambda a{:}\phi.fa$ for a higher-order $f : \phi \to \phi$ (whereas $X$ has type $\phi$).
• An incomplete HOL predicate. Assume base types $\iota$ and $o$ and constants $\Rightarrow : o \to o \to o$ and
$\forall : (\iota \to o) \to o$. The typing $X : o, Y : \iota, b{:}\iota \vdash (\forall \lambda b{:}\iota.X) \Rightarrow X[b := Y] : o$ represents an incomplete
HOL predicate.

Without level 2 variables, both the incomplete and the complete terms would be
represented by $b{:}\iota, f{:}\iota \to o \vdash (\forall \lambda b{:}\iota.fa) \Rightarrow fa$.
Definition 4.5. Suppose a permutation $\pi$ (Definition 2.8) is such that $nontriv(\pi) \subseteq \mathbb{A}^>$. Define a
permutation action $\pi \cdot r$ on terms by:

$\pi \cdot a = \pi(a)$    $\pi \cdot \lambda a{:}\phi.r = \lambda \pi(a){:}\phi.\pi \cdot r$    $\pi \cdot C = C$

$\pi \cdot (rs) = (\pi \cdot r)(\pi \cdot s)$    $\pi \cdot (X[b_i{:=}s_i]_1^n) = X[b_i{:=}\pi \cdot s_i]_1^n$

Remark 4.6. Intuitively, the reason that we restrict $nontriv(\pi)$ to atoms in $\mathbb{A}^>$ is so that we only
rename the atoms that can be λ-abstracted. This restriction could be removed, and the syntax
made 'more equivariant', but at the price of complicating the syntax $X[b_i{:=}s_i]_1^n$ to $(\pi \cdot X)[b_i{:=}s_i]_1^n$
so that we could write $\pi \cdot (X[b_i{:=}s_i]_1^n) = (\pi \cdot X)[\pi(b_i){:=}\pi \cdot s_i]_1^n$. There would be nothing wrong with
this — it just makes our basic syntax slightly more complicated. Since there is no change in
expressivity, we leave this out.

We could also emulate $\pi$ using the substitution $[b_i{:=}s_i]_1^n$, but then we must add (SubId).

Definition 4.7. Call a binary relation $M$ on terms a congruence when it is closed under the rules
(CongApp) and (ξ) in Definition 2.4 and in addition:

^ ~ ~ ^ (CongX) 

X[bi:=Si\[MX[bc.=sTi 

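Definition 4.8. α-equivalence $r =_\alpha s$ is the least congruence such that if $b \in \mathbb{A}^> \setminus fa(r)$ then
$\lambda a{:}\phi.r =_\alpha \lambda b{:}\phi.(b\ a) \cdot r$. Henceforth we quotient terms by α-equivalence.

Definition 4.9. Define free atoms $fa(r)$ and free unknowns $fv(r)$ by:

$fa(a) = \{a\}$    $fa(\lambda a{:}\phi.r) = fa(r) \setminus \{a\}$    $fa(C) = \varnothing$
$fa(rs) = fa(r) \cup fa(s)$    $fa(X[b_i{:=}s_i]_1^n) = (\mathbb{A}^< \setminus \{b_i \mid i\}) \cup \bigcup_i fa(s_i)$

$fv(a) = \varnothing$    $fv(\lambda a{:}\tau.s) = fv(s)$    $fv(C) = \varnothing$
$fv(rs) = fv(r) \cup fv(s)$    $fv(X[b_i{:=}s_i]_1^n) = \{X\} \cup \bigcup_i fv(s_i)$

Definition 4.10. We give terms a capture-avoiding substitution action $r[b_i{:=}s_i]_1^n$ as follows:

$b_j[b_i{:=}s_i]_1^n = s_j$    $(1 \le j \le n)$
$a[b_i{:=}s_i]_1^n = a$    $(a \notin \{b_i \mid 1 \le i \le n\})$
$C[b_i{:=}s_i]_1^n = C$
$X[b_i{:=}s_i]_{i \in A}[b_i{:=}s_i]_{i \in B} = X[(b_i{:=}s_i)_{i \in B \setminus A,\ b_i \in \mathbb{A}^<},\ (b_i{:=}s_i[b_j{:=}s_j]_{j \in B})_{i \in A}]$    $(B = \{1, \ldots, n\})$
$(\lambda c{:}\phi.r)[b_i{:=}s_i]_1^n = \lambda c{:}\phi.(r[b_i{:=}s_i]_1^n)$    $(c \in \mathbb{A}^> \setminus \bigcup_i (\{b_i\} \cup fa(s_i)))$
$(r'r)[b_i{:=}s_i]_1^n = (r'[b_i{:=}s_i]_1^n)(r[b_i{:=}s_i]_1^n)$

Note above that if $b_i \in \mathbb{A}^>$ then it gets garbage-collected (eliminated) on $X$, as we see from the
condition '$b_i \in \mathbb{A}^<$' in '$i \in B \setminus A,\ b_i \in \mathbb{A}^<$'. So for instance $X[b{:=}b'][b'{:=}b''] = X[b{:=}b'', b'{:=}b'']$ where
$b, b', b'' \in \mathbb{A}^<$ and $X[b{:=}a][a{:=}b''] = X[b{:=}b'']$ where $a \in \mathbb{A}^>$.

Definition 4.11. Let β-equivalence — $=_\beta$ — be the least congruence (Definition 4.7) such that
$(\lambda a{:}\phi.r)t =_\beta r[a := t]$.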



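The condition $\{b_1, \ldots, b_n\} \subseteq \mathbb{A}^<$ is there to guarantee that $X[b_i{:=}s_i]$ and $X[b_i{:=}s'_i]$ are well-formed terms.

$\dfrac{(a : \phi \in \Gamma)}{\Gamma \vdash a : \phi}$ (V)

$\dfrac{(type(C) = \phi)}{\Gamma \vdash C : \phi}$ (C)

$\dfrac{\Gamma, a{:}\phi \vdash r : \psi \quad (a \in \mathbb{A}^>)}{\Gamma \vdash (\lambda a{:}\phi.r) : \phi \to \psi}$ (L)

$\dfrac{\Gamma \vdash r : \phi \to \psi \quad \Gamma \vdash s : \phi}{\Gamma \vdash rs : \psi}$ (A)

$\dfrac{\Gamma \vdash s_i : \psi_i \quad (X{:}\phi \in \Gamma,\ b_i{:}\psi_i \in \Gamma,\ 1 \le i \le n)}{\Gamma \vdash X[b_i{:=}s_i]_1^n : \phi}$ (Meta)

Figure 2: Typing rules for the simply-typed λ-calculus with holes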



4.2 Environments and typing 

Definition 4.12. A type environment $\Gamma$ is a set of atomic typings $a{:}\phi$ or $X{:}\phi$ which is functional
in the sense that if $a : \phi$ and $a : \phi'$ then $\phi = \phi'$, and similarly for $X$ (i.e. 'add $X{:}\phi$ to Definition 2.5').
Define $dom(\Gamma) = \{a \mid a{:}\phi \in \Gamma\} \cup \{X \mid X{:}\phi \in \Gamma\}$.

Definition 4.13. Define a typing relation by the rules in Figure 2. 

One interesting feature of Figure 2 is that $b_i$ must be typed in $\Gamma$ in (Meta). This means
that we can strengthen only for atoms in $\mathbb{A}^>$ (the 'abstractable' atoms); see Lemma 4.15. See
Remarks 4.16 and 4.19 for discussions of why. Also, the $s_i$ are typed in a context in which the $b_i$
occur. There is no problem with circularities; in the models the $b_i$ are just elements (with special
properties).

Lemma 4.14 (Weakening). If $\Gamma \vdash r : \psi$ and $c \notin dom(\Gamma)$ then $\Gamma, c{:}\chi \vdash r : \psi$.

Proof. By induction on the derivation of $\Gamma \vdash r : \psi$. For the case of (L) we may rename using
equivariance (Theorem 2.13). □

Lemma 4.15 (Strengthening). If $\Gamma, c{:}\chi \vdash r : \psi$ and $c \in \mathbb{A}^> \setminus fa(r)$ then $\Gamma \vdash r : \psi$.

Proof. By induction on the derivation of $\Gamma \vdash r : \psi$. For the case of (L) we may rename using
equivariance (Theorem 2.13). The rule (Meta) is why we insist on $c \notin \mathbb{A}^<$; the atoms
$\{b_i \mid 1 \le i \le n\} \subseteq \mathbb{A}^<$ may not feature in $fa(r)$ but must be in $\Gamma$, as discussed in Remark 4.16. □

Remark 4.16. (Meta) states that if $X{:}\phi \in \Gamma$ and $b_i{:}\psi_i \in \Gamma$ for $1 \le i \le n$ then $\Gamma \vdash s_i : \psi_i$ for $1 \le i \le n$
implies $\Gamma \vdash X[b_i{:=}s_i]_1^n : \phi$. We must insist on $b_i{:}\psi_i \in \Gamma$, for suppose otherwise: Then for $a \in \mathbb{A}^>$ and
$b \in \mathbb{A}^<$ we could derive $X{:}\phi, a{:}\chi \vdash \lambda b{:}\phi.X[a := b] : \phi \to \phi$; the types of $a$ and $b$ are inconsistent.

Lemma 4.17. $fa(r[a := t]) \subseteq (fa(r) \setminus \{a\}) \cup fa(t)$

Lemma 4.18. $\Gamma, (c_i{:}\chi_i)_1^n \vdash r : \phi$ and $\Gamma, (c_i{:}\chi_i)_1^n \vdash s_j : \chi_j$ for $1 \le j \le n$ imply $\Gamma, (c_i{:}\chi_i)_1^n \vdash r[c_i := s_i]_1^n : \phi$.
As a corollary, if $c \in \mathbb{A}^> \setminus fa(s)$ then $\Gamma, c{:}\chi \vdash r : \phi$ and $\Gamma \vdash s : \chi$ imply $\Gamma \vdash r[c := s] : \phi$.

Proof. By a routine induction on the derivation of $\Gamma, (c_i{:}\chi_i)_1^n \vdash r : \phi$. For the case of (L) we may
rename the bound atom in the derivation using equivariance (Theorem 2.13).

The corollary follows by Lemmas 4.14, 4.15, and 4.17. □

Remark 4.19. Lemma 4.18 does not state $\Gamma, c{:}\chi \vdash r : \phi$ and $\Gamma \vdash s : \chi$ imply $\Gamma \vdash r[c := s] : \phi$, for
$c \in \mathbb{A}^<$. For instance $X{:}\phi, c{:}\phi \vdash X : \phi$ and $X{:}\phi \vdash X : \phi$ but it is not the case that $X{:}\phi \vdash X[c := X] : \phi$.
5 Level 2 substitution

Definition 5.1. A level 2 substitution is a map $\theta$ from unknowns to terms. Write $[X := t]$ for
the substitution mapping $X$ to $t$ and all other $Y$ to $Y$.

$a\theta = a$    $(\lambda a{:}\phi.s)\theta = \lambda a{:}\phi.(s\theta)$  $(a \in \mathbb{A}^> \setminus \bigcup_{X \in fv(s)} fa(\theta(X)))$    $C\theta = C$

$(rs)\theta = (r\theta)(s\theta)$    $X[b_i{:=}s_i]_1^n\theta = \theta(X)[b_i{:=}s_i\theta]_1^n$
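
The following Python sketch is an added example, not code from the paper: it implements the level 1 substitution of Definition 4.10 and the level 2 substitution of Definition 5.1 on a tuple encoding of terms, and reproduces the garbage-collection instances noted after Definition 4.10 and the completion of the incomplete term in Example 4.4. The term encoding, all function names, and the convention that atoms named `b...` lie in A< while all other atoms lie in A> are assumptions of the example.

```python
from itertools import count

# Assumed encoding of the partition A = A< + A>: atom names starting with "b"
# lie in A< (capturable by instantiation); every other name lies in A> (bindable).
def in_lt(a):
    return a.startswith("b")

# Term constructors (hypothetical representation as nested tuples).
def atom(a): return ("atom", a)
def const(c): return ("const", c)
def app(r, s): return ("app", r, s)

def lam(c, ty, body):
    assert not in_lt(c), "bound atoms must come from A>"
    return ("lam", c, ty, body)

def unk(x, mod=()):
    """Moderated unknown X[b_i:=s_i]; the moderation is stored sorted by atom."""
    mod = dict(mod)
    assert all(in_lt(b) for b in mod), "moderating atoms must come from A<"
    return ("unk", x, tuple(sorted(mod.items())))

def fa_gt(t):
    """Free atoms of t that lie in A> (the only ones a binder can capture)."""
    tag = t[0]
    if tag == "atom":
        return set() if in_lt(t[1]) else {t[1]}
    if tag == "const":
        return set()
    if tag == "unk":
        return set().union(*(fa_gt(s) for _, s in t[2]))
    if tag == "lam":
        return fa_gt(t[3]) - {t[1]}
    return fa_gt(t[1]) | fa_gt(t[2])

def swap(c, d, t):
    """Action of the swapping (c d) on a term, c and d in A> (Definition 4.5)."""
    sw = lambda a: d if a == c else c if a == d else a
    tag = t[0]
    if tag == "atom":
        return atom(sw(t[1]))
    if tag == "const":
        return t
    if tag == "unk":
        return unk(t[1], [(b, swap(c, d, s)) for b, s in t[2]])
    if tag == "lam":
        return lam(sw(t[1]), t[2], swap(c, d, t[3]))
    return app(swap(c, d, t[1]), swap(c, d, t[2]))

def rename_binder(c, body, avoid):
    """Alpha-convert binder c away from `avoid` (Definition 4.8) if it clashes."""
    if c not in avoid:
        return c, body
    taken = avoid | fa_gt(body) | {c}
    d = next(f"c{n}" for n in count() if f"c{n}" not in taken)
    return d, swap(c, d, body)

def subst1(t, sub):
    """Level 1 substitution t[b_i:=s_i] (Definition 4.10); sub maps atoms to terms."""
    tag = t[0]
    if tag == "atom":
        return sub.get(t[1], t)
    if tag == "const":
        return t
    if tag == "app":
        return app(subst1(t[1], sub), subst1(t[2], sub))
    if tag == "unk":
        inner = dict(t[2])
        # New bindings survive only for atoms of A< not already moderated;
        # bindings for atoms of A> are garbage-collected on the unknown.
        out = {b: s for b, s in sub.items() if in_lt(b) and b not in inner}
        out.update({b: subst1(s, sub) for b, s in inner.items()})
        return unk(t[1], out)
    avoid = set(sub).union(*(fa_gt(s) for s in sub.values()))
    c, body = rename_binder(t[1], t[3], avoid)
    return lam(c, t[2], subst1(body, sub))

def subst2(t, theta):
    """Level 2 substitution (Definition 5.1); theta maps unknowns to terms."""
    tag = t[0]
    if tag in ("atom", "const"):
        return t
    if tag == "app":
        return app(subst2(t[1], theta), subst2(t[2], theta))
    if tag == "unk":
        mod = {b: subst2(s, theta) for b, s in t[2]}
        # theta(X)[b_i := s_i theta]: atoms of A< in theta(X) may be captured here.
        return subst1(theta.get(t[1], unk(t[1])), mod)
    # Conservative side-condition: avoid the A> atoms of every term in theta.
    avoid = set().union(*(fa_gt(u) for u in theta.values()))
    c, body = rename_binder(t[1], t[3], avoid)
    return lam(c, t[2], subst2(body, theta))

if __name__ == "__main__":
    incomplete = lam("a", "phi", unk("X", {"b": atom("a")}))
    print(subst2(incomplete, {"X": atom("b")}))
```

Results are compared structurally, so a term that had to be α-renamed comes back with the generated binder name (`c0`, `c1`, ...) rather than the original one.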

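Proposition 5.2. If $\Gamma, X{:}\xi \vdash r{:}\phi$ and $\Gamma \vdash t{:}\xi$ then $\Gamma \vdash r[X :=$

Proof. By induction on the derivation of $\Gamma, X{:}\xi \vdash r{:}\phi$. The cases of (V) and (A) are routine:

• The case of (Meta) for $X$. Suppose $\Gamma, X{:}\xi, (b_i{:}\psi_i)_1^n \vdash X[b_i{:=}s_i]_1^n : \xi$ because
$\Gamma, X{:}\xi, (b_i{:}\psi_i)_1^n \vdash s_j : \psi_j$ for $1 \le j \le n$.

Suppose $\Gamma, (b_i{:}\psi_i)_1^n \vdash t : \xi$. By inductive hypothesis $\Gamma, (b_i{:}\psi_i)_1^n \vdash s_j[X{:=}t] : \psi_j$ for $1 \le j \le n$.

By definition $X[b_i{:=}s_i]_1^n[X{:=}t] = t[b_i{:=}s_i[X{:=}t]]_1^n$. So it suffices to show that
$\Gamma, (b_i{:}\psi_i)_1^n \vdash t[b_i{:=}s_i[X{:=}t]]_1^n : \xi$. We use Lemma 4.18.

• The case of (L). Renaming if necessary using equivariance (Theorem 2.13), assume
$a \in \mathbb{A}^> \setminus fa(t)$. By definition $(\lambda a{:}\phi.r)[X{:=}t] = \lambda a{:}\phi.(r[X{:=}t])$. We use the inductive hypothesis
for $\Gamma, X{:}\xi, a{:}\phi \vdash r : \psi$. □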
5.1 Models 

Definition 5.3. A model $\mathcal{I}$ consists of an assignment for each type environment $\Gamma$ and type $\phi$
of a finitely-supported set $[\![\phi]\!]^{\mathcal{I}}_\Gamma$ together with the same data as in Definition 3.2, satisfying the
same equivariance conditions and (Suba) to (Subλ) except that in addition:

8. If $\Gamma(a) = \Gamma'(a)$ for every $a \in \mathbb{A}$ then $[\![\phi]\!]^{\mathcal{I}}_\Gamma = [\![\phi]\!]^{\mathcal{I}}_{\Gamma'}$ (so the model ignores $X{:}\phi \in \Gamma$ and only
looks at the typing of atoms).

Definition 5.4 (Simultaneous substitution). Suppose $b_i{:}\psi_i \in \Gamma$ and $y_i \in [\![\psi_i]\!]^{\mathcal{I}}_\Gamma$ for $1 \le i \le n$. Suppose
$x \in [\![\phi]\!]^{\mathcal{I}}_\Gamma$. Specify $x[b_i \mapsto y_i]_1^n$ to be equal to $(((c_1\ b_1) \circ \cdots \circ (c_n\ b_n)) \cdot x)[c_1 \mapsto y_1] \ldots [c_n \mapsto y_n]$ for
fresh $c_1, \ldots, c_n$ (so $c_i \notin supp(x) \cup \bigcup_i supp(y_i)$ for $1 \le i \le n$).

Lemma 5.5. If $x \in [\![\phi]\!]^{\mathcal{I}}_\Gamma$ then $\pi \cdot x \in [\![\phi]\!]^{\mathcal{I}}_{\pi \cdot \Gamma}$.

Proof. Direct from equivariance (Theorem 2.13). □

By Lemma 5.5 syntax is equivariant for atoms in $\mathbb{A}^>$ because the predicate we use to define
it in Definition 4.3 uses a partition $\mathbb{A} = \mathbb{A}^< \uplus \mathbb{A}^>$. The notion of model of Definition 5.3 does not
use this partition however, so it is equivariant for all $\pi$, and not just those with $nontriv(\pi) \subseteq \mathbb{A}^>$.
Lemma 5.5 depends on this, and Lemma 5.6 uses it.

Lemma 5.6. Suppose $b_i{:}\psi_i \in \Gamma$ and $y_i \in [\![\psi_i]\!]^{\mathcal{I}}_\Gamma$ for $1 \le i \le n$, and suppose $z \in [\![\chi]\!]^{\mathcal{I}}_\Gamma$. Then $z[b_i \mapsto y_i]_1^n \in [\![\chi]\!]^{\mathcal{I}}_\Gamma$.

The reader familiar with nominal techniques might expect a condition that $fa(\theta(X)) \subseteq \mathbb{A}^<$ always. This would
be necessary if moderations were permutations, but is not if they are substitutions. See [15, Proposition 3.4.3].

Definition 5.3 only provides substitution for one atom at a time. We need simultaneous substitution in the
semantics to give meaning to level 2 variables (see Definition 5.9). The minor difficulty is that it might be that
$b_i \in supp(y_j)$. So we 'rename atoms fresh' first, and then substitute for these atoms one at a time. Certain detailed
but routine verifications are necessary to make sure this works and is well-defined (depends neither on the fresh
choice of $c_i$, nor on the order in which the substitutions are then carried out). The relevant maths is described in [14,
Section 6].
Proof. Unpack Definition 5.4 and use Lemma 5.5 and conditions 2 and 3 of Definition 5.3. □

Definition 5.7. A valuation $\varrho$ is a function on unknowns such that $supp(\varrho(X)) \subseteq \mathbb{A}^<$ for every $X$.
Write $\Gamma \models \varrho$ when $X{:}\phi \in \Gamma$ implies $\varrho(X) \in [\![\phi]\!]^{\mathcal{I}}_\Gamma$ for every unknown $X$.

Remark 5.8. Definition 5.7 seems harmless, but it carries some real meaning. By condition 6
of Definitions 3.2 and 5.3, if $x \in [\![\phi]\!]^{\mathcal{I}}_\Gamma$ then $supp(x) \subseteq dom(\Gamma)$. This implies that if $X{:}\phi \in \Gamma$ then
$X$ ranges over elements with support in $dom(\Gamma)$. What happens to all the atoms in $\mathbb{A}^< \setminus dom(\Gamma)$?
They cannot be used (unless we weaken the context with more typings).

This is related to a celebrated topic of continuing debate in the philosophy of language
that assertions like 'the King of France is bald' name and assert properties of apparently
non-existent objects; they have meaning but do not denote [ ]. In the same way, the variable $X$
asserts a property of all atoms in $\mathbb{A}^<$ — that they may appear in the denotation of $X$ — but this
does not imply that these atoms exist in the possible world determined by the typing $\Gamma$. The
typing context determines which of the atoms in $\mathbb{A}^<$ have existential import [29]. The extra twist
to this story here, is that in nominal techniques atoms name themselves.

This is another way of looking at the fine detail of the rule (Meta), that $b_i : \psi_i \in \Gamma$ even though
$b_i \notin fa(X[b_i{:=}s_i]_1^n)$ in general. In order to be substituted for, the atom $b_i$ must exist, and to exist
it must be typed.

Definition 5.9. Suppose $\Gamma \vDash \varsigma$ and $\Gamma \vdash r :$ . Define an interpretation function mapping $r$ to 
$[\![r]\!]_{\varsigma,\Gamma}$, by induction on $r$. 

Hlr = a\ (a:0GF) lC}\,r = C' 

lXa:^A\-x = W4]lr%x e A> \ Jom(F)) M\ = M\,Ms%,r 

IX [bi := .,],F^^, = q{X) [bi ^ MlJi {X-4 G F) 

A few brief words on the case of $\lambda a{:}\phi.r$: The condition $a \notin \mathrm{dom}(\Gamma)$ prevents $a{:}\phi$ from overwriting 
typing information in $\Gamma$. The condition $a \in \mathbb{A}^{>}$ ensures that the clause is well-defined, since 
otherwise $a$ might 'accidentally capture' an atom in $\varsigma(X)$ for $X \in fv(r)$. The effect of $a$ capturing 
an atom in $X$ can be attained e.g. as $\lambda a{:}\phi.(X[a'{:=}a])$ where $a' \in \mathbb{A}^{<}$. 

The language with holes (Definition 4.3) is more expressive than the language without it 
(Definition 2.2). For instance, a:<}) \= r[ai— = r (Definition 3.9) is true for r without unknowns, 
but otherwise may be false. This is because without unknowns, we can use (Suba) to (SubA) 
to push substitution down to the atoms until it either vanishes or substitutes. With unknowns 
this cannot be done; we may get 'stuck' on a moderated unknown. 

Put another way, X really does range over arbitrary elements of the model whereas a can 
only be substituted for an arbitrary element of the model — and these are two distinct concepts. 

Example 5.10. Consider one base type and no constants and a nominal model J such that [tJ^.^ = 
{a\,0, 1}, where supp{0) = supp{\) = 0. Set a'^ [fl'i-7>:K:] =x,0[a\-^x] = 0, and l[aH>x] =0. 

In STLC we cannot detect the element 1 and its sensitivity to [a^x] even though a supp{\). 
In STLC extended with unknowns, we can. Thus, we use (Sub#) instead of a weaker axiom 
that Z7[ai— >x] = X. 

Theorem 5.11 (First soundness theorem). If $\Gamma \vDash \varsigma$ and $\Gamma \vdash r : \phi$ then $[\![r]\!]_{\varsigma,\Gamma} \in [\![\phi]\!]_{\Gamma}$. 
Proof. We consider two cases; the rest is as proof of Theorem 3.4: 
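• The case of (L). Suppose $\Gamma, a{:}\phi \vdash r : \psi$ and $a \in \mathbb{A}^{>}$ so that by (L) $\Gamma \vdash \lambda a{:}\phi.r : \phi \to \psi$. By 
inductive hypothesis $[\![r]\!]_{\varsigma,\Gamma,a:\phi} \in [\![\psi]\!]_{\Gamma,a:\phi}$. It follows from condition 3 of Definition 5.3 that 
$[a{:}\phi][\![r]\!]_{\varsigma,\Gamma,a:\phi} \in [\![\phi \to \psi]\!]_{\Gamma}$. By Definition 5.9, $[\![\lambda a{:}\phi.r]\!]_{\varsigma,\Gamma} \in [\![\phi \to \psi]\!]_{\Gamma}$. 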

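• The case of (Meta). Suppose $\Gamma \vdash s_i : \psi_i$ and $X{:}\phi \in \Gamma$ and $b_i{:}\psi_i \in \Gamma$ for $1 \le i \le n$, so that by 
(Meta) $\Gamma \vdash X[b_i{:=}s_i]_i : \phi$. 

By inductive hypothesis $[\![s_i]\!]_{\varsigma,\Gamma} \in [\![\psi_i]\!]_{\Gamma}$ and by assumption $\varsigma(X) \in [\![\phi]\!]_{\Gamma}$. It follows by 
Lemma 5.6 that $\varsigma(X)[b_i \mapsto [\![s_i]\!]_{\varsigma,\Gamma}]_i \in [\![\phi]\!]_{\Gamma}$. □ 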



5.2 Soundness for β-conversion 

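Lemma 5.12. Suppose $a_i{:}\phi_i \in \Gamma$ for $i \in A$ and $\Gamma \vdash r : \psi$ and $\Gamma \vdash s_i : \phi_i$ for $i \in A$. Suppose $\Gamma \vDash \varsigma$. Then 
$[\![r[a_i{:=}s_i]_{i \in A}]\!]_{\varsigma,\Gamma} = [\![r]\!]_{\varsigma,\Gamma}[a_i \mapsto [\![s_i]\!]_{\varsigma,\Gamma}]_{i \in A}$. 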

Proof. By a routine induction on the derivation of $\Gamma \vdash r : \psi$. We consider two cases: 

• The case of (L) for Xc^.r. Renaming if necessary, suppose c is fresh (so that c y^i^A^^WP^^i^q-i) U 
fa(si))y^dom{V)). We reason as follows: 

\Xc:x.r\\,Aai ^ M^AieA = {\c:tM\,,)\ai ^ Ml^ieA Definition 5.9 

= ^ bilUieA) (SubA), c^suppiMl.^,) 

= [c-X] ■= s,]ieA}%r ind. hyp. 

= lXc:X-{r[ai := Si]ieA)fg..r Definition 5.9 

= l{^c:x.r)[ai := Si]ieAf g.,r c <^fa{s) 

• The case of (Meta). We reason as follows, where $B = \{1, \dots, n\}$ and $\{b_j \mid j \in B\} \subseteq \mathbb{A}^{<}$: 

\X[af.=tj]jeB\\,Aai^M\-AieA = S(^) [«7^l0f?;r]^eB[«<^I^^F,;r]^eA Defn. 5.9 

= <;{^)[{ai^lsi%,r)ieA\B, a,eA< , {aj^ltjfg-A^i^l^ifg-r]ieA)jeB] fact 

= ?(^)[(a/'-^Ns;r)ieA\B, a,eA< , {aj^lhi^i-=Si]ieAjl.,r)j^B] ind. hyp. 

= lX[{ai:=Si)ieA\B. a,eA< , (.aj:=tj[ar.=Si]ieA)jeBWg.,r Defn. 5.9 

= lX[aj:=tj]jeB[ai:=Si]ieAfg,r,r4 Defn. 4.10 

Some detailed calculations are hidden in the 'fact' used above. This follows using (SubA) and 
(SubApp) from Definition 5.4, and is one reason that in that definition we 'freshened' the $b_i$ to 
$c_i$, to avoid clash. □ 

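Lemma 5.13. Write '$\Gamma \vdash r, s : \phi$' as shorthand for '$\Gamma \vdash r : \phi$ and $\Gamma \vdash s : \phi$'. Suppose $\Gamma \vDash \varsigma$. 

1. Suppose $\Gamma \vdash r, r' : \phi \to \phi'$ and $\Gamma \vdash s, s' : \phi$. If $[\![r]\!]_{\varsigma,\Gamma} = [\![r']\!]_{\varsigma,\Gamma}$ and $[\![s]\!]_{\varsigma,\Gamma} = [\![s']\!]_{\varsigma,\Gamma}$ then $[\![r s]\!]_{\varsigma,\Gamma} = [\![r' s']\!]_{\varsigma,\Gamma}$. 

2. Suppose $\Gamma, a{:}\phi \vdash r, r' : \psi$. If $[\![r]\!]_{\varsigma,\Gamma,a:\phi} = [\![r']\!]_{\varsigma,\Gamma,a:\phi}$ then $[\![\lambda a{:}\phi.r]\!]_{\varsigma,\Gamma} = [\![\lambda a{:}\phi.r']\!]_{\varsigma,\Gamma}$. 

3. Suppose $X{:}\phi \in \Gamma$ and $\{b_i{:}\psi_i \mid 1 \le i \le n\} \subseteq \Gamma$. Suppose $\Gamma \vdash s_j, s'_j : \psi_j$ and $[\![s_j]\!]_{\varsigma,\Gamma} = [\![s'_j]\!]_{\varsigma,\Gamma}$ for $1 \le j \le n$. 
Then $[\![X[b_i{:=}s_i]_i]\!]_{\varsigma,\Gamma} = [\![X[b_i{:=}s'_i]_i]\!]_{\varsigma,\Gamma}$. 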

Proof. These are facts of equality in sets. □ 



Corollary 5.14 (Second soundness theorem). If $r =_{\beta} s$ (Defn. 4.11) and $\Gamma \vdash r :$ and $\Gamma \vDash \varsigma$ then 
$[\![r]\!]_{\varsigma,\Gamma} = [\![s]\!]_{\varsigma,\Gamma}$. 

Proof. Using Lemmas 5.12 and 5.13. □ 
We would expect a completeness result like Theorem 3.11 to hold and have a similar proof. 
Details will be in a journal version. We should verify soundness under instantiating unknowns: 

Theorem 5.15 (Third soundness theorem). Suppose r,X:x I- r : and r\- t : Y- Suppose q. 



Proof. We consider (Meta) for X. Suppose F = r',X:x, (bj-Wj)" and F h sr.Yi for l<i<n so that by 
(Meta) r,X:x, {bj:Yj)'l h X [^,-:=.,-],-. Then [X [br.=sMlix w as °' = W,.r[bi^M%r]i "^""^ '''^ 
lt[bi:=sMl-.r- ' □ 



6 Conclusions 

We have built a semantics for the simply-typed λ-calculus (STLC), based on nominal sets. In 
keeping with the 'nominal' philosophy, variables (names) are denoted by themselves. This 
draws certain structure that is normally external to the denotation inside it, and this extra struc- 
ture excludes some arguably pathological homomorphisms between models. We also exploit 
the semantics to existential variables, or 'holes' (suggesting that we do not just get more models 
out of this nominal semantics, but also more languages). 

The constructions are not really any harder than for traditional STLC semantics. When 
reading for instance Definition 3.2, the reader should mentally place this side-by-side with a 
full specification of traditional STLC semantics, including for instance a precise definition of 
valuations as graphs (these are functions with the general shape $(\mathbb{A} \to X) \to X$). Our nominal 
semantics for STLC is no harder than what the reader already knows; it is just different. 

Atypically for nominal techniques so far as exemplified e.g. by [40, 38, 3, 5], atoms have 
non-trivial types. These, if they assign atoms any type information at all, assign them 'the type 
of atoms'. There has been some work assigning more interesting types to atoms [o], but not in 
denotations. 

In the course of doing all these things, we note echoes of other strands of research. The 
distinction between ft G A< and ft : G F is an instance of the distinction between meaning and 
denotation (only finitely many of the atoms in the permission set of an unknown have existential 
import in the denotation) [ , ]. Our use of $\mathbb{A}^{<}$ and $\mathbb{A}^{>}$, which is borrowed from [ , ], is 
reminiscent of the two kinds of variable used by Frege [ ] (for a more modern presentation 
see e.g. [39, Chapter IV, Section 1]). This is more an analogy than a precise correspondence and 
we will discuss matters further in a longer paper where we have more space to develop the 
syntax. We still have only one set of atoms and the 'nominal' constructions, notably the notions 
of support, binding, freshness, and nominal set, are unchanged. We have freely imported ideas 
from (permissive) nominal terms, notably in our treatment of existential variables. 

6.1 Related work 

Valuations and unknowns. We gave unknowns a semantics using valuations in Definition 5.9. 
Arguably it is disappointing: why map atoms to themselves in a denotation but then switch to 
another (more traditional) methodology for unknowns? One answer is that atoms are universal 
variables (could be replaced by anything) whereas unknowns are existential variables (must be 
replaced by something), so it is reasonable to interpret them using a valuation, and perhaps we 
should. Indeed there is a precedent for this: atoms correspond to δ-variables and unknowns to 
γ-variables from [42]. Making this formal by considering a paper similar to this one but aimed 
at first-order logic is a topic of current research. 

Still, there is an interesting alternative. In [ ] a direct nominal semantics is explored for 
unknowns X, analogous to how atoms a map to themselves in this paper, called two-level nomi- 
nal sets. Two-level nominal sets with substitutions would provide a theory of incompleteness in 
which holes are directly represented in the semantics. There is no need for that in this paper 
because we have no level 3 variables (in the style e.g. of the λ-context calculus [ ]); but if there 
were, two-level nominal sets might be not only interesting, but necessary. 

Models as presheaves. The reader familiar with category theory will recognise in Definition 3.2 
a presheaf. In fact, we have enriched the usual presheaf Sets^ (presheaves over finite sets and 
injections between them) to a presheaf over an indexing category enriched with types. Condition 5 
of the two definitions (for n) states that these presheaves should preserve pullbacks 
of monos; this is the critical property required for the sets-based presentation of this paper to 
work [ ]. Presheaves enriched over types have appeared in [ ], without the nominal sets 
style presentation and written for a different audience (one stemming from view of syntax and 
substitution based on [11]). The presheaves are used differently: by considering initial objects, 
inductive datatypes of well-typed syntax-with-binding are constructed. 

Other theories of functions. Combinatory algebra (CA) assumes constants S, K, and I. Axioms 
allow them to model the λ-calculus. However, CA is strictly weaker than the theory of 
β-conversion; the (ξ) rule cannot be equationally axiomatised, because λ cannot be directly 
expressed (though any given λ-term can be compiled to combinators). This can be fixed using 
explicit indeterminates which, from the point of view of this paper, look a lot like atoms [ ~']. 

Alternatively, lambda-abstraction algebras (LAAs) are a first-order axiomatisation which does 
satisfy (ξ) [30]; again, from the point of view of this paper LAAs look much like the axioms we 
have considered. LAAs are not typed; a 'nominal' equivalent of them was considered by the 
first author with Mathijssen [23]. So this paper is significantly different from both since, as we 
see comparing this paper with [23], the addition of types makes a real difference to the models. 
LAAs take semantics in 'ordinary' sets, so their semantics is not well-pointed in the sense of 
this paper, and we do not obtain the language with meta-variables which we have developed 
here or relate so directly with a wider research context (e.g. into nominal techniques). One 
further subtle feature of LAA models is that they do not have finite support (we do not argue 
whether this is good or bad; we merely observe this as a significant difference). 

Salibra and others have thought deeply about the lattice properties of λ-calculus models. As 
a final note we mention that nominal algebra satisfies an HSPA theorem [ ], and permissive-nominal 
algebra satisfies an HSP theorem [ ]. This has also been considered by Kurz and 
others [ ]. The deeper theory here — how theorems of universal algebra applied to λ-calculus 
adapt to the nominal context — remains unexplored. 

Other theories of existential variables. In implemented systems like LP and Isabelle [33] 
these are handled as a special syntactic category of higher-order variable. That is, an unknown 
of type $\iota$ depending on (universal) variables of type $\tau$ and $\tau'$ is modelled by a variable 
of type $\tau \to \tau' \to \iota$. We make no claim that our model of existential variables is better in 
implementation — it is simply too early to tell — but generally speaking we are against solving 
problems by moving to higher orders. Plenty of complexity can be encoded in function spaces, 
and this is fine for implementation, but encoding something is not the same as having a good 
mathematical model of it. Jojgov includes an excellent and detailed discussion of this issue in 
[27], which is his own analysis of incompleteness; intuitively, by conflating β-conversion with 
incompleteness it becomes impossible to distinguish between a complete derivation of higher 
type, and an incomplete derivation of lower type. We add that the denotation of $\tau \to \tau' \to \iota$ is 
uncountable, even if the denotations of $\tau$, $\tau'$, and $\iota$ are countable. We would not immediately 
expect there to be uncountably many existential variables of type $\iota$, so if only on the grounds of 
size we would hope for something smaller. Our denotations deliver this: an existential variable 
of type $\iota$ is just an unknown $X : \iota$. 

Contextual modal type theory (CMTT) has two levels of variable; it enriches STLC with 
'modal types' representing open code [ ]. However, level 2 variables of CMTT are not ex- 
istential variables; they are a species of intensional variable ranging over code. Making this 
formal using a nominal semantics related to the semantics of this paper, is current research by 
the first author. 

6.2 Future work 

We note that, as it stands, there is no general mathematical framework for the study of in- 
complete terms in type theory. Implementors of proof assistants invent ad hoc methods for 
representing incomplete terms, representing incomplete proof states, in their systems. Meth- 
ods evolve more through trial and error than deep mathematical insight. For instance, early 
versions of Coq used a complex system involving two syntactic classes — 'existential variables' 
and 'metavariables' — for representing incomplete proof states. Matita [ ], whose design was 
influenced by lessons learned in Coq's development, used from the outset a much simpler 
scheme where the concepts of 'existential variable' and 'metavariable' are unified [ ]. 

We hope that the work presented in Section 4 forms the basis for further, mathematical 
study of incomplete terms in type theory. For instance, the model of STLC in Definition 3.2 
could be extended to a dependent type theory like e.g. compact XP [^i. Subsection 14.2, Fig- 
ure 14.1] (with or without incompleteness). 

It should be fairly easy to internalise the substitution action for unknowns by adding $\lambda X$, 
thus obtaining a two-level system with logic and computation at both levels — the result should 
resemble the first two levels of the lambda-context calculus [ ], but with a stronger theory 
of a-equivalence and more reductions. One concrete application of this may be to express- 
ing tactics — functions from incomplete derivations to incomplete derivations — in type-theory 
based theorem-provers, which need to program on terms (considered as computation or proof 
respectively). More goes into such a design than metavariables, but the character of metavari- 
ables is key to that of existing implementations [ ]. 

Notions of incompleteness can be motivated by efficiency and speed; notably [35] was mo- 
tivated by optimising unification in LF. These ideas have led to several implementations; an 
up-to-date overview is in [ ]. Note that the details of the syntax are different: the work uses a 
two-level type system with special types for closed code, and 'meta-variables' range over closed 
elements of the domain (i.e. $\mathrm{supp}(\varsigma(X)) = \varnothing$, intuitively). No general semantic theory has been 
given for this line of research, and we suspect that the nominal denotations of this paper could 
be turned to that task. 